Risk Score: 150 (MALICIOUS)
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
The PDF file was flagged by multiple heuristics, including ClamAV and an ML classifier, as malicious. The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various domains. The document body, though heavily corrupted, contains references to 'Reallifecam free accounts' and includes several of these external URLs, suggesting a phishing or spamming lure. The primary attack pattern involves directing users to a link farm, likely to distribute malware or engage in SEO spam.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics (3)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- http://roxandsol.com/uploads/1/3/0/6/130604585/50f583985ac1e.pdf
- http://lamudememorial.com/uploads/1/3/0/5/130538986/goforam_direwiv_saxati_potis.pdf
- http://agl-llc.com/uploads/1/3/0/3/130323622/boveguzusamasuvugak.pdf
- http://jusu.atelier-interior.ru/uploads/2020/01/28/tajafelobaged.pdf
- http://www.busmart.net/uploads/2020/01/28/685ea2a.pdf
- http://dewozupi.acupofh2o.net/uploads/2020/01/29/6488359.pdf
- http://dotiwob.vipiski-online4.icu/uploads/2020/01/28/dagopep.pdf
- http://rofl-case.ru/uploads/2020/01/29/nisad_gemel_piredaxux_vimizaderixe.pdf
- http://desik.kirovkray.ru/uploads/2020/01/28/9bf8755c9b8a994.pdf
- http://vaxadowo.sber-afla.info/uploads/2020/01/28/rulej.pdf
- http://goxuzuvaxo.grmo.xyz/uploads/2020/01/28/7211927.pdf
- http://gitarosux.svadbaivolosi.ru/uploads/2020/01/27/449f2c517.pdf
- http://wuwodaw.ngochastore.com/uploads/2020/01/28/976312.pdf
- http://vubos.vodka-fenix.com/uploads/2020/01/28/4610505.pdf
- http://gokizose.id7me.net/uploads/2020/01/28/torajej-kevezulam-butegudulege.pdf
- http://thelakesmassage.com/uploads/1/3/0/5/130551089/5929180.pdf
- http://yessicacurielmontoya.com/uploads/1/3/0/6/130605083/rinofivajadup-nexejufa-zodetis-dibopudagoki.pdf
- http://ribbonspaperscissors.com/uploads/1/3/0/2/130270936/4274264.pdf
- http://emilyburdettphotography.com/uploads/1/3/0/3/130313582/nosimodomufikabodal.pdf
- http://mcginnecommconsulting.com/uploads/1/3/0/5/130546432/ruponetezo.pdf
- http://liromidimi.delofty-official.com/uploads/2020/01/27/9434414.pdf
- http://keepingupwiththehoustons.com/uploads/1/3/0/6/130621153/jaberotus.pdf
- http://leapsandbounds.in/uploads/1/3/0/6/130605153/2169287.pdf
- http://alumniunitbv.net/uploads/1/3/0/6/130620961/4aeecdacfff0.pdf
- http://woodlandadventures.net/uploads/1/3/0/6/130620788/kodopab_jusuwo_tunij.pdf
- http://haznar.com/uploads/1/3/0/6/130605074/130605074.html#reallifecam+free+accounts
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000017f5.bin | 5ffb001cfe10da1ed347723419c63d384a2bb8833cd5fb4577678b53aec23c03 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x17F5 | 9012 bytes |
| font_01_sfnt_off000067d3.bin | 63befa1f7adac1d04f3d84e127eb90c5c6213535266d0785ac172c1eeacd44f9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x67D3 | 16476 bytes |